Do you allow users to connect to your server via SSH or SFTP? If they are using password authorization you may want to consider switching to SSH keys instead. With password authorization, users only need a username and password to connect to your server. This means hackers or bots can try combinations of popular usernames and password in attempts to gain access. If they eventually guess correctly, they will be allowed to connect to your server. But, if you require SSH keys to connect to your server, no one can connect unless they have a copy of the private key. In this tutorial, we will show you how to disable password authorization in WHM, so users will be required to log in with a private key.
Disabling Password Authorization
Log into WHM as the ‘root‘ user.
Click the Security Center option in the navigation menu.
Select the SSH Password Authorization Tweak button.
On the next page click the Disable Password Auth button.
You are finished when you see message stating
“Password Auth has been disabled!”
Congratulations, now you know how to disable password authorization in WHM!
This seems to only disallow password authentication for SSH login. I want to disable password authentication for FTP too. I have keys setup and working for both FTP and SSH, but I can still login to FTP with passwords.
It looks like you can disable all FTP access by using the Host Access Control, the user keat63 explains the solution in this thread on Disabling FTP access in the official cPanel forums.